v27.4.0

27.4.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 27.4.0 milestone
• moby/moby, 27.4.0 milestone

API

• GET /images/json with the manifests option enabled now preserves the original order in which manifests appeared in the manifest-index. moby/moby#48712

Bug fixes and enhancements

• When reading logs with the jsonfile or local log drivers, any errors while trying to read or parse underlying log files will cause the rest of the file to be skipped and move to the next log file (if one exists) rather than returning an error to the client and closing the stream. The errors are viewable in the Docker Daemon logs and exported to traces when tracing is configured. moby/moby#48842
• When reading log files, compressed log files are now only decompressed when needed rather than decompressing all files before starting the log stream. moby/moby#48842
• Fix an issue that meant published ports from one container on a bridge network were not accessible from another container on the same network with userland-proxy disabled, if the kernel's br_netfilter module was not loaded and enabled. The daemon will now attempt to load the module and enable bridge-nf-call-iptables or bridge-nf-call-ip6tables when creating a network with the userland proxy disabled. moby/moby#48685
• Fix loading of bridge and br_netfilter kernel modules. moby/moby#48966
• containerd image store: Fix Docker daemon failing to fully start with a "context deadline exceeded error" with containerd snapshotter and many builds/images. moby/moby#48954
• containerd image-store: Fix partially pulled images not being garbage-collected. moby#48910, moby/moby#48957
• containerd image store: Fix docker image inspect outputting duplicate references in RepoDigests. moby/moby#48785
• containerd image store: Fix not being able to connect to some insecure registries in cases where the HTTPS request failed due to a non-TLS related error. moby/moby#48758
• containerd image store: Remove a confusing warning log when tagging a non-dangling image. moby/moby#49010
• dockerd-rootless-setuptool.sh: let --force ignore smoke test errors moby/moby#48695
• Disable IPv6 Duplicate Address Detection (DAD) for addresses assigned to the bridges belonging to bridge networks. moby/moby#48684
• Remove BuildKit init timeout. moby/moby#48963
• Ignore "dataset does not exist" error when removing dataset on ZFS. moby/moby#48968
• Client: Prevent idle connections leaking FDs. moby/moby#48764
• Fix anonymous volumes being created through the --mount option not being marked as anonymous. moby/moby#48755
• After a daemon restart with live-restore, ensure an iptables jump to the DOCKER-USER chain is placed before other rules. moby/moby#48714
• Fix a possible memory leak caused by OTel meters. moby/moby#48693
• Create distinct build history db for each store. moby/moby#48688
• Fix an issue that caused excessive memory usage when DNS resolution was made in a tight loop. moby/moby#48840
• containerd image store: Do not underline names in docker image ls --tree. docker/cli#5519
• containerd image store: Change name of USED column in docker image ls --tree to IN USE. docker/cli#5518
• Fix a bug preventing image pulls from being cancelled during docker run. docker/cli#5654
• Port some completions from the bash completion to the new cobra based completion. docker/cli#5618
• The docker login and docker logout command no longer update the configuration file if the credentials didn't change. docker/cli#5569
• Optimise docker stats to reduce flickering issues. docker/cli#5588, docker/cli#5635
• Fix inaccessible plugins paths preventing plugins from being detected. docker/cli#5652
• Add support for events --filter in cobra generated shell completions. docker/cli#5614
• Fix bash completion for events --filter daemon=. docker/cli#5563
• Improve shell-completion of containers for docker rm. docker/cli#5540
• Add shell-completion for --platform flags. docker/cli#5540
• rootless: Make /etc/cdi and /var/run/cdi accessible by the Container Device Interface (CDI) integration. moby/moby#49027

Removed

• Deprecate Daemon.Exists() and Daemon.IsPaused(). These functions are no longer used and will be removed in the next release. moby/moby#48719
• Deprecate container.ErrNameReserved and container.ErrNameNotReserved. moby/moby#48697
• Deprecate pkg/platform - this package is only used internally, and will be removed in the next release. moby/moby#48863
• Deprecate RepositoryInfo.Class. This field is no longer used, and will be removed in the next release. moby/moby#49013
• Go SDK: Fix deprecation of cli/command.ConfigureAuth(), which was deprecated since v27.2.1. docker/cli#5552
• Go SDK: Deprecate cli.Errors type in favour of Go's errors.Join docker/cli#5548

Packaging updates

• Update Go runtime to 1.22.10. moby/moby#49026, docker/cli#5669, docker/docker-ce-packaging#1120.
• Update Compose to v2.31.0. docker/docker-ce-packaging#1100
• Update BuildKit to v0.17.3. moby/moby#49024
• Update Buildx to v0.19.1. docker/docker-ce-packaging#1115
• Update containerd to v1.7.24. moby/moby#48934
• Update containerd (static binaries only) to v1.7.24. moby/moby#48919
• Update runc to v1.2.2. moby/moby#48919